Don't make scary messages just because one key didn't work on a message:

only be frightened if they all fail.  Set initial keyset refcount
correctly.

diff --git a/keyset.c b/keyset.c
index 774aa450af007a8ae33f67c9277632d50869f05d..12ade4f32a93d55dab9e6f229f397d3796afa909 100644 (file)
--- a/keyset.c
+++ b/keyset.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: keyset.c,v 1.6 2003/04/06 10:26:35 mdw Exp $
+ * $Id: keyset.c,v 1.7 2003/05/17 11:00:47 mdw Exp $
  *
  * Handling of symmetric keysets
  *
@@ -29,6 +29,11 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: keyset.c,v $
+ * Revision 1.7  2003/05/17 11:00:47  mdw
+ * Don't make scary messages just because one key didn't work on a message:
+ * only be frightened if they all fail.  Set initial keyset refcount
+ * correctly.
+ *
  * Revision 1.6  2003/04/06 10:26:35  mdw
  * Report peer name on decrypt errors.
  *
@@ -217,9 +222,8 @@ static int dodecrypt(keyset *ks, buf *b, buf *bb, uint32 *seq)
   })
   h->ops->destroy(h);
   if (!eq) {
-    a_warn("incorrect MAC on packet from `%s'", p_name(ks->p));
     IF_TRACING(T_KEYSET, {
-      trace(T_KEYSET, "keyset: decryption failed");
+      trace(T_KEYSET, "keyset: incorrect MAC: decryption failed");
       trace_block(T_CRYPTO, "crypto: expected MAC", pmac, MACSZ);
     })
     return (-1);
@@ -376,6 +380,7 @@ keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p)
 #undef GETHASH
 
   T( ks->seq = seq++; )
+  ks->ref = 1;
   ks->t_exp = now + T_EXP;
   ks->sz_exp = SZ_EXP;
   ks->oseq = ks->iseq = 0;
@@ -607,7 +612,7 @@ int ksl_decrypt(keyset **ksroot, buf *b, buf *bb)
       return (dosequence(ks, seq));
     }
   }
-  T( trace(T_KEYSET, "keyset: no matching keys"); )
+  T( trace(T_KEYSET, "keyset: no matching keys, or incorrect MAC"); )
   return (-1);
 }